I am learning and using Web API and need to implement the following authentication mechanism:
The very first call to the Web API will be a handshake (login and token sharing). The Login method of the Web API will be called with the proper credentials; once approved, a GUID-based token will be returned to the client (jQuery or Windows based). The token will expire after some configurable time.
Until then, the client should be able to communicate with the Web API by sharing the same token value with every request, and thus wouldn't need to authenticate each call.
To have the token in each call, it is quite possible to put it in each query string or in a parameter of each Web API method.
But I am looking for possibilities where the token can be embedded in the HTTP request header via jQuery (using AJAX calls) or Windows-based clients. I would like it if you guys could help me identify a fair approach to implementing this system and the perils in advance.
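
An added example, not part of the original post: the server side of the scheme described above (GUID token issued at login, configurable expiry, token read from a request header), sketched in Node.js rather than ASP.NET Web API. The `Authorization: Bearer` header, the 20-minute lifetime and all function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const TOKEN_TTL_MS = 20 * 60 * 1000;   // assumed value for the configurable lifetime
const sessions = new Map();            // sha256(token) -> { user, expiresAt }

// Only a digest is stored, so a dump of the session table does not yield usable tokens.
const digest = (token) => crypto.createHash('sha256').update(token).digest('hex');

// Called by the login endpoint after the credentials have been verified.
function issueToken(user, now = Date.now()) {
  const token = crypto.randomUUID();   // version 4 GUID drawn from the CSPRNG
  sessions.set(digest(token), { user, expiresAt: now + TOKEN_TTL_MS });
  return token;
}

// Reads "Authorization: Bearer <guid>". Header keys are assumed lowercase, as in
// Node's http module. The query string is never consulted, because URLs end up
// in access logs, browser history and Referer headers.
function tokenFromHeaders(headers) {
  const m = /^Bearer ([0-9a-f-]{36})$/i.exec(headers['authorization'] || '');
  return m ? m[1].toLowerCase() : null;
}

// Returns the user for a valid, unexpired token, otherwise null.
function authenticate(headers, now = Date.now()) {
  const token = tokenFromHeaders(headers);
  if (!token) return null;
  const key = digest(token);
  const session = sessions.get(key);
  if (!session) return null;
  if (now >= session.expiresAt) {      // expired: forget it so it cannot be reused
    sessions.delete(key);
    return null;
  }
  return session.user;
}

// Logout: invalidate the token before its expiry time.
function revoke(token) {
  return sessions.delete(digest(token));
}

// Matching jQuery call on the client (URL is a placeholder):
//   $.ajax({ url: '/api/items', headers: { Authorization: 'Bearer ' + token } });
```

The header only protects the token from logs and caches; the login call and every later request still need to travel over HTTPS.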